Jeff Butonic v3.00 Virus - Amiga Virus Encyclopedia
VIRUS HELP TEAM
== Computer Virus Catalog 1.2: JEFF BUTONIC 3.0 Virus (10-Feb-1991) ==
Entry...............: JEFF BUTONIC 3.0 Virus
Alias(es)...........: ---
Virus Strain........: ---
Virus detected when.: ---
              where.: North Germany
Classification......: link virus (directory type), resident
Length of Virus.....: 1. length on storage medium: 2916 byte
                      2. length in RAM           : 2876 byte
--------------------- Preconditions ----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180, 1.3/34.5
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes -------------------------------------
Easy Identification.: typical text: ---
                      identification by the following entry (invisible
                      in ASCII editors) in startup-sequence as 1st
                      entry: "$A0,$A0,$A0,$20,$9B,$41";
                      identification using a disk manager: a file
                      $A0,$A0,$A0 (invisible) exists in root
                      directory, with length=2916 byte;
                      identification by text in memory: "Hi. Jeff's
                      speaking here... (w) by the genious BUTONIC...
                      V3.00/9.2.89 - Gen.0026 Greetings to
                      *Hackmack*,*Atlantic*, & Alex,Frank,Wolfram,
                      Gerlach,Miguel,Klaus,Snoopy-Data!"; this
                      text is displayed as alert message after
                      destruction of a disk structure;
                      identification by transient damage: window
                      titles are changed to following ones: "Ich
                      Brauch jetzt Alk!", "Bitte keinen Wodka!",
                      "Mehr Buszyklen fuer den Prozessor", "Paula
                      meint, Agnus sei zu dick"
Type of infection...: self-identification method: virus searches for
                      the following entry in startup-sequence:
                      $A0,$A0,$A0,$A0,$9B,$41 (invisible in ASCII
                      editors);
                      system infection: RAM resident, reset resident
Infection Trigger...: using unprotected disk-like devices
Storage media affected: all bootable and disk-like devices
Interrupts hooked...: ---
Damage..............: permanent damage: destroys directory structure;
                      transient damage: manipulation of window titles;
                      alert message after destroying the structure
                      of a bootable device
Damage Trigger......: permanent damage: (to be analysed)
                      transient damage: (to be analysed)
Particularities.....: DoIO vector and KickTag pointer are misused
Similarities........: author of this virus evidently knows BGS virus
--------------------- Agents -----------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     CHECKVECTORS 2.3, VT 1.94
                                  .3 Monitoring System Areas:
                                     CHECKVECTORS 2.3, GUARDIAN 1.2,
                                     VIRUS-DETEKTOR 1.1, VT 1.94
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: CHECKVECTORS 2.3,
                                  BGS9-PROTECTOR, VIRUS-DETEKTOR 1.1
                      Category 4: Vaccine: BGS9-PROTECTOR
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful: CHECKVECTORS 2.3, VT 1.94
Standard means......: CHECKVECTORS 2.3 or VT 1.94 with deletion of
                      "no name" file entry (see above) with a disk
                      manager and correction of the startup-sequence
--------------------- Acknowledgement --------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Alfred Manthey Rojas
Documentation by....: Alfred Manthey Rojas
Date................: 10-February-1991
Information Source..: ---
======================================== End of JEFF BUTONIC 3.0 Virus =================================
Antivirus removal..: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                     Kickstart all others: VirusZ III with Xvs.library installed